Post Tagged with: "security"

Yesterday’s Trouble with the TPP post examined some of the uncertainty created by the surprising e-commerce provision that involves restrictions on source code disclosures. KEI notes that governments have not been shy about requiring source code disclosures in other contexts, such as competition worries. Yet this rule will establish new restrictions, creating concerns about the implications in areas such as privacy. For example, security and Internet experts have been sounding the alarm on the risks associated with exploited wifi routers and pointing to source code disclosures as potential solution.

Another Trouble with the TPP is its foray into the software industry. One of the more surprising provisions in the TPP’s e-commerce chapter was the inclusion of a restriction on mandated source code disclosure. Article 14.17 states:

No Party shall require the transfer of, or access to, source code of software owned by a person of another Party, as a condition for the import, distribution, sale or use of such software, or of products containing such software, in its territory.

The provision is subject to some limitations. For example, it is “limited to mass-market software or products containing such software and does not include software used for critical infrastructure.” The source code disclosure rule is not found in any other current Canadian trade agreement, though leaked documents indicate that it does appear in a draft of the Trade in Services Agreement (TISA).

Edward Snowden burst into the public consciousness in June 2013 with a series of astonishing revelations about U.S. surveillance activities. Snowden’s primary focus has centered on the U.S., however the steady stream of documents have laid bare the notable role of allied surveillance agencies, including the Communications Security Establishment (CSE), Canada’s signals intelligence agency. The Canadian-related leaks – including disclosures regarding surveillance over millions of Internet downloads, airport wireless networks, spying on the Brazilian government, and the facilitation of spying at the G8 and G20 meetings hosted in Toronto in 2010 – have unsurprisingly inspired some domestic discussion and increased media coverage on privacy and surveillance issues. Yet despite increased public and media attention, the Snowden leaks have thus far failed to generate sustained political debate in Canada.

Another week, another revelation originating from the seemingly unlimited trove of Edward Snowden documents. Last week, the CBC reported that Canada was among several countries whose surveillance agencies actively exploited security vulnerabilities in a popular mobile web browser used by hundreds of millions of people. Rather than alerting the company and the public that the software was leaking personal information, they viewed the security gaps as a surveillance opportunity.

My weekly technology law column (Toronto Star version, homepage version) notes that in the days before Snowden, these reports would have sparked a huge uproar. More than half a billion people around the world use UC Browser, the mobile browser in question, suggesting that this represents a massive security leak. At stake was information related to users’ identity, communication activities, and location data – all accessible to telecom companies, network providers, and surveillance agencies.

The Standing Committee on Public Safety and National Security completed its clause-by-clause review of Bill C-51 yesterday with a hearing that Green Party leader Elizabeth May described as the “most offensive she has experienced.” In all, the government rejected 61 Green Party amendments, 28 NDP amendments, and 13 Liberal amendments. Yesterday I posted a “by the numbers” review of the committee hearings on Bill C-51 noting that Conservative MPs rarely asked substantive questions about provisions in the bill and that important voices such as the Privacy Commissioner of Canada were blocked from appearing altogether.

One of the most striking aspects of the hearings was how difficult it was for the government to find expert supporters of the bill. There were certainly some – police associations, Robert Morrison, Peter Neumann, Garth Davies, Christian Leuprecht among them – but the line-up of supporting organizations also included: